[28275] in North American Network Operators' Group
Re: Question about strain on the A root server
daemon@ATHENA.MIT.EDU (Andrew Brown)
Sun Apr 23 15:57:09 2000
Date: Sun, 23 Apr 2000 15:55:07 -0400
From: Andrew Brown <twofsonet@graffiti.com>
To: John Fraizer <nanog@EnterZone.Net>, nanog@merit.edu, dsf@gblx.net
Message-ID: <20000423155507.A28525@noc.untraceable.net>
Reply-To: Andrew Brown <atatat@atatdot.net>
In-Reply-To: <20000423142533.A24347@frontiernet.net>; from dsf@gblx.net on Sun, Apr 23, 2000 at 02:25:33PM -0400
>> binfo.c = Bind Version Checker
>> 'binfo' is a quick little script to pull back the version
>> of named running on a remote nameserver. This is handy
>> for comparing it to a list of known vulnerable versions of
>> named/bind. Previous to this, it took a few commands to
>> extract out the version.
>
>It seems to have been written not so much as a DNS admin convenience,
>but more for inclusion into rootkit type packages, IMO.

perhaps, but it's certainly (a) not malicious or (b) gonna swamp the
root servers.

>A few commands? More like one :)
>
>$ nslookup -q=txt -class=chaos version.bind <nameserver>

or dig version.bind chaos txt @nameserver :)

>And here's how to disable giving out that information to untrusted hosts
>or networks:
>
>in named.conf, set up something like this (*NOT* in the options section):
>...
>Now, create a file called 'chaos' (in same directory where your zone
>files lives) with something like:
>...

been there, done that. and it's interesting to see all the people who
are checking out your name server after their addresses get logged for
hitting the acl.

--
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org * "ah! i see you have the internet
twofsonet@graffiti.com (Andrew Brown) that goes *ping*!"
andrew@crossbar.com * "information is power -- share the wealth."
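
Added example, not part of the original message or of BIND: one way to spot the version.bind CHAOS TXT lookups discussed above in captured query packets and tally them per source address, in the spirit of the ACL logging mentioned in the reply. Function names, the event format and the sample addresses are assumptions made for illustration.

```python
import struct
from collections import Counter

QTYPE_TXT, QCLASS_CHAOS = 16, 3  # RFC 1035 numeric values

def build_query(qname, qtype, qclass, txid=0x1234):
    """Encode a one-question DNS query (used here only to make sample input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, qclass)

def parse_question(packet):
    """Return (qname, qtype, qclass) of the first question, or None if malformed."""
    if len(packet) < 12:
        return None
    flags, qdcount = struct.unpack("!HH", packet[2:6])
    if flags & 0x8000 or qdcount < 1:  # QR bit set means a response, not a query
        return None
    pos, labels = 12, []
    while True:
        if pos >= len(packet):
            return None
        n = packet[pos]
        pos += 1
        if n == 0:  # root label ends the name
            break
        if n > 63 or pos + n > len(packet):  # pointers and bad lengths are rejected
            return None
        labels.append(packet[pos:pos + n].decode("ascii", "replace"))
        pos += n
    if pos + 4 > len(packet):
        return None
    qtype, qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return ".".join(labels).lower(), qtype, qclass

def is_version_probe(packet):
    """True for a CHAOS-class TXT query for version.bind (case-insensitive)."""
    return parse_question(packet) == ("version.bind", QTYPE_TXT, QCLASS_CHAOS)

def probing_sources(events):
    """events: iterable of (source_ip, raw_packet); returns {source_ip: probe_count}."""
    return dict(Counter(src for src, pkt in events if is_version_probe(pkt)))

# Constructed sample input (documentation address ranges, not real traffic).
SAMPLE_EVENTS = [("192.0.2.10", build_query("version.bind", 16, 3)),
                 ("192.0.2.10", build_query("VERSION.BIND", 16, 3)),
                 ("198.51.100.7", build_query("example.com", 1, 1))]
```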